IrfanView Formats Plug-in IFF File Handling Buffer Overflow
Vulnerability
Secunia Advisory: SA25052
Release Date: 2007-04-30
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: IrfanView Formats Plug-in 4.x
Description:
Marsu has discovered a vulnerability in IrfanView's Formats
plug-in,
which can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to a boundary error within
the Formats
plug-in (Formats.dll) when handling IFF files. This can be
exploited to
cause a stack-based buffer overflow via a specially crafted
IFF file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 4.0.0.0 of the
Formats plug-in
using IrfanView version 4.00. Other versions may also be
affected.
Solution:
Do not open untrusted IFF files.
Provided and/or discovered by:
Marsu
Original Advisory:
http://milw0rm.com/e
xploits/3811
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
